Development of Visual Cryptography Technique for Authentication Using Facial Images

Security in the real world is an important issue to be taken care and to be encountered with various aspects and preventive measures. In the present era, whole major security concerns is the protection of this multimedia web is coming closer from text data to multimedia data, one of the data. Image, which covers the highest percentage of the multimedia data, its protection is very important. These might include Military Secrets, Commercial Secrets and Information of individuals. This can be achieved by visual Cryptography. It is one kind of image encryption. Incurrent technology, most of visual cryptography areembedded a secret using multiple shares. Visual is secret sharing technique used in visual cryptography which divides the secret image into multiple shares and by superimposing those shares the original secret image is going to be revealed, but it create a threat when an intruder get shares with which the image is going to be decrypted easily. However in these project work, an extremely useful bitwise operation is perform on every pixel with the help of key. The key is provided by new concept of sterilization algorithm. Initially Red, Green and Blue channels get separated from image and are going to be encrypted on multiple levels using multiple shares, convert an image into unreadable format and by combining all the shares in proper sequence the original secret image revealed

ESSVCS: an enriched secret sharing visual cryptography

Visual Cryptography (VC) is a powerful technique that combines the notions of perfect ciphers and secret sharing in cryptography with that of raster graphics. A binary image can be divided into shares that are able to be stacked together so as to approximately recover the original image. VC is a unique technique in the sense that the encrypted message can be decrypted directly by the Human Visual System (HVS). The distinguishing characteristic of VC is the ability of secret restoration without the use of computation. However because of restrictions of the HVS, pixel expansion and alignment problems, a VC scheme perhaps can only be applied to share a small size of secret image. In this paper, we present an Enriched Secret Sharing Visual Cryptography Scheme (ESSVCS) to let the VC shares carry more secrets, the technique is to use cypher output of private-key systems as the input random numbers of VC scheme, meanwhile the encryption key could be shared, the shared keys could be associated with the VC shares. After this operation, VC scheme and secret sharing scheme are merged with the private-key system. Under this design, we implement a (k; t; n)-VC scheme. Compared to those existing schemes, our scheme could greatly enhance the ability of current VC schemes and could cope with pretty rich secrets

Secure and Usable User Authentication

Authentication is a ubiquitous task in users\u27 daily lives. The dominant form of user authentication are text passwords. They protect private accounts like online banking, gaming, and email, but also assets in organisations. Yet, many issues are associated with text passwords, leading to challenges faced by both, users and organisations. This thesis contributes to the body of research enabling secure and usable user authentication, benefiting both, users and organisations. To that end, it addresses three distinct challenges. The first challenge addressed in this thesis is the creation of correct, complete, understandable, and effective password security awareness materials. To this end, a systematic process for the creation of awareness materials was developed and applied to create a password security awareness material. This process comprises four steps. First, relevant content for an initial version is aggregated (i.e. descriptions of attacks on passwords and user accounts, descriptions of defences to these attacks, and common misconceptions about password and user account security). Then, feedback from information security experts is gathered to ensure the correctness and completeness of the awareness material. Thereafter, feedback from lay-users is gathered to ensure the understandability of the awareness material. Finally, a formal evaluation of the awareness material is conducted to ensure its effectiveness (i.e. whether the material improves participant\u27s ability to assess the security of passwords as well as password-related behaviour and decreases the prevalence of common misconceptions about password and user account security). The results of the evaluation show the effectiveness of the awareness material: it significantly improved the participants\u27 ability to assess the security of password-related behaviour as well as passwords and significantly decreased the prevalence of misconceptions about password and user account security. The second challenge addressed in this thesis is shoulder-surfing resistant text password entry with gamepads (as an example of very constrained input devices) in shared spaces. To this end, the very first investigation of text password entry with gamepads is conducted. First, the requirements of authentication in the gamepad context are described. Then, these requirements are applied to assess schemes already deployed in the gamepad context and shoulder-surfing resistant authentication schemes from the literature proposed for non-gamepad contexts. The results of this assessment show that none of the currently deployed and only four of the proposals in the literature fulfil all requirements. Furthermore, the results of the assessment also indicate a need for an empirical evaluation in order to exactly gauge the shoulder-surfing threat in the gamepad context and compare alternatives to the incumbent on-screen keyboard. Based on these results, two user studies (one online study and one lab study) are conducted to investigate the shoulder-surfing resistance and usability of three authentication schemes in the gamepad context: the on-screen keyboard (as de-facto standard in this context), the grid-based scheme (an existing proposal from the literature identified as the most viable candidate adaptable to the gamepad context during the assessment), and Colorwheels (a novel shoulder-surfing resistant authentication scheme specifically designed for the gamepad context). The results of these two user studies show that on-screen keyboards are highly susceptible to opportunistic shoulder-surfing, but also show the most favourable usability properties among the three schemes. Colorwheels offers the most robust shoulder-surfing resistance and scores highest with respect to participants\u27 intention to use it in the future, while showing more favourable usability results than the grid-based scheme. The third challenge addressed in this thesis is secure and efficient storage of passwords in portfolio authentication schemes. Portfolio authentication is used to counter capture attacks such as shoulder-surfing or eavesdropping on network traffic. While usability studies of portfolio authentication schemes showed promising results, a verification scheme which allows secure and efficient storage of the portfolio authentication secret had been missing until now. To remedy this problem, the (t,n)-threshold verification scheme is proposed. It is based on secret sharing and key derivation functions. The security as well as the efficiency properties of two variants of the scheme (one based on Blakley secret sharing and one based on Shamir secret sharing) are evaluated against each other and against a naive approach. These evaluations show that the two (t,n)-threshold verification scheme variants always exhibit more favourable properties than the naive approach and that when deciding between the two variants, the exact application scenario must be considered. Three use cases illustrate as exemplary application scenarios the versatility of the proposed (t,n)-threshold verification scheme. By addressing the aforementioned three distinct challenges, this thesis demonstrates the breadth of the field of usable and secure user authentication ranging from awareness materials, to the assessment and evaluation of authentication schemes, to applying cryptography to craft secure password storage solutions. The research processes, results, and insights described in this thesis represent important and meaningful contributions to the state of the art in the research on usable and secure user authentication, offering benefits for users, organisations, and researchers alike

A Study on Visually Encrypted Images for Rights Protection and Authentication

首都大学東京, 2014-03-25, 博士(工学), 甲第444号首都大学東

Encrypting More Information in Visual Cryptography Scheme

The visual cryptography scheme (VCS) is a scheme which encodes a secret image into several shares, and only qualified sets of shares can recover the secret image visually, other sets of shares cannot get any information about the content of the secret image. From the point of view of encrypting (carrying) the secret information, the traditional VCS is not an efficient method. The amount of the information that a VCS encrypts depends on the amount of secret pixels. And because of the restrictions of the human eyes and the pixel expansion and the alignment problem of the VCS, a VCS perhaps can only be used to encrypt a small secret image. VCS requires a random number generator to guide the generation of the shares. As we will show in this paper, the random input of VCS can ba seen as a subchannel which helps carrying more secret information. We propose a general method to increase the amount of secret information that a threshold VCS can encrypt by treating the pseudo-random inputs of the VCS as a subchannel, i.e. the Encrypting More Information Visual Cryptography Scheme (EMIVCS). We also study the bandwidth of the proposed EMIVCS. The disadvantage of the proposed scheme is that, the decoding process is computer aided. However, compared with other computer aided VCS, the proposed scheme is more efficient

Robust Watermarking Schemes for Digital Images

With the rapid development of multimedia and the widespread distribution of digital data over the internet networks, it has become easy to obtain the intellectual properties. Consequently, the multimedia owners need more than ever before to protect their data and to prevent their unauthorized use. Digital watermarking has been proposed as an effective method for copyright protection and an unauthorized manipulation of the multimedia. Watermarking refers to the process of embedding an identification code or some other information called watermark into digital multimedia without affecting the visual quality of the host multimedia. Such a watermark can be used for several purposes including copyright protection and fingerprinting of the multimedia for tracing and data authentication. The goal in a watermarking scheme is to embed a watermark that is robust against various types of attacks while preserving the perceptual quality of the cover image. A variety of schemes have been proposed in the literature to achieve these goals for watermarking of images. These schemes either provide good imperceptibility of the watermark without sufficient resilience to certain types of attacks or provide good robustness against attacks at the expense of degraded perceptual quality of the cover images. The objective of this work is to develop image watermarking schemes with performance that is superior to those of existing schemes in terms of their robustness against various types of attacks while preserving the perceptual of the cover image. In this thesis, two new digital image watermarking schemes are proposed. In the first scheme, an Arnold transform integrated DCT-SVD based image watermarking scheme is developed. The main idea in this scheme is to improve the robustness of the watermarking further by scrambling the watermark data using the Arnold transform while still preserving the good perceptibility of the watermarked image furnished by a DCT-SVD based embedding. Also, it is shown that considerable savings in the computation time to recover the original watermark image can be provided by using the anti-Arnold transform in the watermark extraction process. In the second scheme, a DWT-SVD digital image watermarking scheme that makes use of visual cryptography to embed and extract a binary watermark image is developed. The use of visual cryptography in the proposed watermarking scheme is intended to provide improved robustness against attacks along with furnishing security to the content of the embedded data. Extensive experiments are conducted throughout this investigation in order to examine the performance of the proposed watermarking schemes. It is shown that the two proposed watermarking schemes developed in this thesis provide a performance superior to that of the existing schemes in terms of robustness against various types of attacks while preserving the perceptual quality of the cover image

Risks and potentials of graphical and gesture-based authentication for touchscreen mobile devices

While a few years ago, mobile phones were mainly used for making phone calls and texting short messages, the functionality of mobile devices has massively grown. We are surfing the web, sending emails and we are checking our bank accounts on the go. As a consequence, these internet-enabled devices store a lot of potentially sensitive data and require enhanced protection. We argue that authentication often represents the only countermeasure to protect mobile devices from unwanted access. Knowledge-based concepts (e.g., PIN) are the most used authentication schemes on mobile devices. They serve as the main protection barrier for many users and represent the fallback solution whenever alternative mechanisms fail (e.g., fingerprint recognition). This thesis focuses on the risks and potentials of gesture-based authentication concepts that particularly exploit the touch feature of mobile devices. The contribution of our work is threefold. Firstly, the problem space of mobile authentication is explored. Secondly, the design space is systematically evaluated utilizing interactive prototypes. Finally, we provide generalized insights into the impact of specific design factors and present recommendations for the design and the evaluation of graphical gesture-based authentication mechanisms. The problem space exploration is based on four research projects that reveal important real-world issues of gesture-based authentication on mobile devices. The first part focuses on authentication behavior in the wild and shows that the mobile context makes great demands on the usability of authentication concepts. The second part explores usability features of established concepts and indicates that gesture-based approaches have several benefits in the mobile context. The third part focuses on observability and presents a prediction model for the vulnerability of a given grid-based gesture. Finally, the fourth part investigates the predictability of user-selected gesture-based secrets. The design space exploration is based on a design-oriented research approach and presents several practical solutions to existing real-world problems. The novel authentication mechanisms are implemented into working prototypes and evaluated in the lab and the field. In the first part, we discuss smudge attacks and present alternative authentication concepts that are significantly more secure against such attacks. The second part focuses on observation attacks. We illustrate how relative touch gestures can support eyes-free authentication and how they can be utilized to make traditional PIN-entry secure against observation attacks. The third part addresses the problem of predictable gesture choice and presents two concepts which nudge users to select a more diverse set of gestures. Finally, the results of the basic research and the design-oriented applied research are combined to discuss the interconnection of design space and problem space. We contribute by outlining crucial requirements for mobile authentication mechanisms and present empirically proven objectives for future designs. In addition, we illustrate a systematic goal-oriented development process and provide recommendations for the evaluation of authentication on mobile devices.Während Mobiltelefone vor einigen Jahren noch fast ausschließlich zum Telefonieren und zum SMS schreiben genutzt wurden, sind die Anwendungsmöglichkeiten von Mobilgeräten in den letzten Jahren erheblich gewachsen. Wir surfen unterwegs im Netz, senden E-Mails und überprüfen Bankkonten. In der Folge speichern moderne internetfähigen Mobilgeräte eine Vielfalt potenziell sensibler Daten und erfordern einen erhöhten Schutz. In diesem Zusammenhang stellen Authentifizierungsmethoden häufig die einzige Möglichkeit dar, um Mobilgeräte vor ungewolltem Zugriff zu schützen. Wissensbasierte Konzepte (bspw. PIN) sind die meistgenutzten Authentifizierungssysteme auf Mobilgeräten. Sie stellen für viele Nutzer den einzigen Schutzmechanismus dar und dienen als Ersatzlösung, wenn alternative Systeme (bspw. Fingerabdruckerkennung) versagen. Diese Dissertation befasst sich mit den Risiken und Potenzialen gestenbasierter Konzepte, welche insbesondere die Touch-Funktion moderner Mobilgeräte ausschöpfen. Der wissenschaftliche Beitrag dieser Arbeit ist vielschichtig. Zum einen wird der Problemraum mobiler Authentifizierung erforscht. Zum anderen wird der Gestaltungsraum anhand interaktiver Prototypen systematisch evaluiert. Schließlich stellen wir generelle Einsichten bezüglich des Einflusses bestimmter Gestaltungsaspekte dar und geben Empfehlungen für die Gestaltung und Bewertung grafischer gestenbasierter Authentifizierungsmechanismen. Die Untersuchung des Problemraums basiert auf vier Forschungsprojekten, welche praktische Probleme gestenbasierter Authentifizierung offenbaren. Der erste Teil befasst sich mit dem Authentifizierungsverhalten im Alltag und zeigt, dass der mobile Kontext hohe Ansprüche an die Benutzerfreundlichkeit eines Authentifizierungssystems stellt. Der zweite Teil beschäftigt sich mit der Benutzerfreundlichkeit etablierter Methoden und deutet darauf hin, dass gestenbasierte Konzepte vor allem im mobilen Bereich besondere Vorzüge bieten. Im dritten Teil untersuchen wir die Beobachtbarkeit gestenbasierter Eingabe und präsentieren ein Vorhersagemodell, welches die Angreifbarkeit einer gegebenen rasterbasierten Geste abschätzt. Schließlich beschäftigen wir uns mit der Erratbarkeit nutzerselektierter Gesten. Die Untersuchung des Gestaltungsraums basiert auf einem gestaltungsorientierten Forschungsansatz, welcher zu mehreren praxisgerechte Lösungen führt. Die neuartigen Authentifizierungskonzepte werden als interaktive Prototypen umgesetzt und in Labor- und Feldversuchen evaluiert. Im ersten Teil diskutieren wir Fettfingerattacken ("smudge attacks") und präsentieren alternative Authentifizierungskonzepte, welche effektiv vor diesen Angriffen schützen. Der zweite Teil beschäftigt sich mit Angriffen durch Beobachtung und verdeutlicht wie relative Gesten dazu genutzt werden können, um blickfreie Authentifizierung zu gewährleisten oder um PIN-Eingaben vor Beobachtung zu schützen. Der dritte Teil beschäftigt sich mit dem Problem der vorhersehbaren Gestenwahl und präsentiert zwei Konzepte, welche Nutzer dazu bringen verschiedenartige Gesten zu wählen. Die Ergebnisse der Grundlagenforschung und der gestaltungsorientierten angewandten Forschung werden schließlich verknüpft, um die Verzahnung von Gestaltungsraum und Problemraum zu diskutieren. Wir präsentieren wichtige Anforderungen für mobile Authentifizierungsmechanismen und erläutern empirisch nachgewiesene Zielvorgaben für zukünftige Konzepte. Zusätzlich zeigen wir einen zielgerichteten Entwicklungsprozess auf, welcher bei der Entwicklung neuartiger Konzepte helfen wird und geben Empfehlungen für die Evaluation mobiler Authentifizierungsmethoden

Design of data validation solutions using high density 2D colored codes and a (2,2) xor-based color interference visual cryptography scheme

Tese (doutorado)—Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2018.A validação de dados nos sistemas de informação utiliza majoritariamente algoritmos criptográficos em sistemas que, geralmente, não utilizam materiais não eletrônicos como parte da infraestrutura do criptossistema. Nesse trabalho, foram desenvolvidos dois sistemas de armazenamento e recuperação de dados através da proposta de uma nova tecnologia de códigos de barra colorido bidimensional e de um novo esquema de criptografia visual. Os códigos de barras bidimensionais têm sido amplamente estudados, mas ainda continuam sem contar com um padrão que consiga transmitir alta quantidade de informação em pequenos espaços impressos. As aplicações desse modelo de transmissão tem como motivação a necessidade de armazenar (e recuperar) uma alta quantidade de informação em pequenas áreas impressas, como por exemplo, para utilização de dados criptográficos que sejam processados sem conexão e armazenados em pequenos espaços impressos, como os de caixas de remédios ou caixas de cigarros. O código de barras colorido 2D proposto nesse trabalho é chamado de High Density 2 Dimensional Code (HD2DC) e possui 8 diferentes tamanhos. O HD2DC permite a utilização de 5 ou 8 cores em cada tamanho e conta com o algoritmo de correção de erro Reed-Solomon com 3 diferentes níveis (10%, 20% e 30%). O HD2DC foi desenvolvido com o objetivo de ser um padrão de código de barras colorido 2D para operações de transmissão de grande quantidade de informações em pequenas ou médias áreas de impressão. Criptografia visual é uma técnica que cifra uma imagem secreta em duas ou mais imagens chave. A decodificação de qualquer esquema de criptografia visual depende do sistema visual humano e a maioria das propostas existentes consideram para a decodificação a utilização da sobreposição de duas ou mais lâminas físicas com n x n (n ≥ 2) pixels expandidos. O esquema de criptografia visual proposto nesse trabalho considera a utilização de duas imagens. A primeira é uma lâmina física feita por uma impressão colorida em Policloreto de Polivinila (PVC) transparente de 3 milímetros, enquanto que a segunda é uma imagem colorida apresentada na tela do visor de um smartphone. Ambas as imagens não geram expansão de pixels. A obtenção das melhores cores utilizadas nesse criptossistema foi realizada através de estudos físicos do comportamento da interferência de cor entre a tela do smartphone e a cor utilizada na impressão do PVC transparente. Essa nova proposta possui um alto nível de usabilidade para validação de dados em transações eletrônicas e conta com um custo muito baixo de implementação. Um sistema robusto de validação de dados é criado quando é combinada a criptografia visual proposta com o HD2DC. O HD2DC tem a capacidade de armazenar uma das imagens chave, no caso a que deve ser mostrada no visor do celular, essa arquitetura de codificação aumenta a percepção de segurança e explora a usabilidade do celular por meio da utilização da câmera e da tela como ferramentas para mostrar a imagem cifrada da criptografia visual.Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)Digital data validation generally requires that algorithms are ran into on cryptographic systems that, usually, do not use non-electronic devices as part of their information security infrastructure. This work presents two information storage and retrieval systems: a new colored two-dimensional barcode technology and a novel visual cryptography scheme. Two-dimensional barcodes have been a topic of research for several decades, but there is still no standard that stores and retrieves high amounts of data. Recently, new requirements have been imposed on applications that use 2D barcodes as a communication channel, such as the capability of storing information into a small printed area. This particular requirement is specially important for 2D barcodes that store cryptographic primitives to be processed off-line. This is the case of barcodes in products like cigarettes and medicines, which are used for data validation and product verification. The proposed 2D colored barcode is called High Density Two-Dimensional Code (HD2DC) and is currently one of the 2D barcodes with the highest data density. HD2DC can be generated in 8 different sizes, with 5 or 8 colors. To increase robustness, the system uses a Reed-Solomon error correction algorithm with 3 different levels: Low, Medium and High, which provide approximately 10%, 20% and 30% error correction, respectively. Visual cryptography (VC) is a technique that encodes the content of a secret image into two or more images, which are called shares. These shares are printed on transparencies and superimposed (requiring a good alignment) to reveal (visually) the original secret image, i.e. without requiring any computation. Current visual cryptography schemes use at least 2 shares (transparencies) as keys. With respect to the secret image size, most of these schemes produce a n x n (n ≥ 2) size expansion of the shares and the decoded image. The proposed Visual Cryptography scheme, on the other hand, uses two shares and does not require a size expansion. The first share is a colored film printed on a Polyvinyl Chloride (PVC) surface of 3 millimeters, while the second share is a colored image displayed on a smartphone or tablet. In this work, we performed a physical evaluation of the color interference properties of these two shares (the printed PVC transparency and the image displayed on the mobile device) to find the most adequate color space to be used in the proposed cryptosystem. We also propose a strong validation system combining our Xor-Based Visual Cryptography scheme with HD2DC. HD2DC has the capability of storing the share that is shown on the mobile device display. This encoding architecture enhances security perception and explores the mobile device usability, using its screen to display a Visual Cryptography share

An Efficient Approach Based on Privacy-Preserving Deep Learning for Satellite Image Classification

Satellite images have drawn increasing interest from a wide variety of users, including business and government, ever since their increased usage in important fields ranging from weather, forestry and agriculture to surface changes and biodiversity monitoring. Recent updates in the field have also introduced various deep learning (DL) architectures to satellite imagery as a means of extracting useful information. However, this new approach comes with its own issues, including the fact that many users utilize ready-made cloud services (both public and private) in order to take advantage of built-in DL algorithms and thus avoid the complexity of developing their own DL architectures. However, this presents new challenges to protecting data against unauthorized access, mining and usage of sensitive information extracted from that data. Therefore, new privacy concerns regarding sensitive data in satellite images have arisen. This research proposes an efficient approach that takes advantage of privacy-preserving deep learning (PPDL)-based techniques to address privacy concerns regarding data from satellite images when applying public DL models. In this paper, we proposed a partially homomorphic encryption scheme (a Paillier scheme), which enables processing of confidential information without exposure of the underlying data. Our method achieves robust results when applied to a custom convolutional neural network (CNN) as well as to existing transfer learning methods. The proposed encryption scheme also allows for training CNN models on encrypted data directly, which requires lower computational overhead. Our experiments have been performed on a real-world dataset covering several regions across Saudi Arabia. The results demonstrate that our CNN-based models were able to retain data utility while maintaining data privacy. Security parameters such as correlation coefficient (−0.004), entropy (7.95), energy (0.01), contrast (10.57), number of pixel change rate (4.86), unified average change intensity (33.66), and more are in favor of our proposed encryption scheme. To the best of our knowledge, this research is also one of the first studies that applies PPDL-based techniques to satellite image data in any capacity

Investigation of Multimodal Template-Free Biometric Techniques and Associated Exception Handling

The Biometric systems are commonly used as a fundamental tool by both government and private sector organizations to allow restricted access to sensitive areas, to identify the criminals by the police and to authenticate the identification of individuals requesting to access to certain personal and confidential services. The applications of these identification tools have created issues of security and privacy relating to personal, commercial and government identities. Over the last decade, reports of increasing insecurity to the personal data of users in the public and commercial domain applications has prompted the development of more robust and sound measures to protect the personal data of users from being stolen and spoofing. The present study aimed to introduce the scheme for integrating direct and indirect biometric key generation schemes with the application of Shamir‘s secret sharing algorithm in order to address the two disadvantages: revocability of the biometric key and the exception handling of biometric modality. This study used two different approaches for key generation using Shamir‘s secret sharing scheme: template based approach for indirect key generation and template-free. The findings of this study demonstrated that the encryption key generated by the proposed system was not required to be stored in the database which prevented the attack on the privacy of the data of the individuals from the hackers. Interestingly, the proposed system was also able to generate multiple encryption keys with varying lengths. Furthermore, the results of this study also offered the flexibility of providing the multiple keys for different applications for each user. The results from this study, consequently, showed the considerable potential and prospect of the proposed scheme to generate encryption keys directly and indirectly from the biometric samples, which could enhance its success in biometric security field